Posts Tagged ‘National Institute of Standards and Technology’

Comprehensive Cyber Security Risk Management Toolkit

  Govern and manage Cyber Security risk with this unique comprehensive toolkit suite   Comprehensive Cyber Security Risk Management Toolkit Suite – Use the Cyber Security Governance & Risk Management Toolkit for a new, fresh implementation of a comprehensive management system that will also be capable of ISO27001 certification, or take advantage of this toolkit’s […]

Comments (1)

Implications of becoming a cybersecurity victim

What are the potential implications of becoming a cybersecurity victim? PWC/DTI Information Security Breaches Survey 2012 93% large businesses suffered security incident last year Average cost of worst incident for large business £110k to £250k The average large organisation had 71 security breaches in the previous year, up from just 45 two years previously. National […]

Leave a Comment

Risky business

Image by purpleslog via Flickr By Mary Mosquera Last year’s HITECH Act toughened the rules and enforcement penalties health information handlers must follow to protect patient privacy. Under the new policy regime, providers will have to pay more attention to the confidentiality and safety of patient information as they move more of their operations toward […]

Leave a Comment

OCR draft guidelines for security risk analysis

Image by veeliam via Flickr The Health & Human Services Department published draft guidance to help healthcare providers and payers figure out what is expected of them in doing a risk analysis of their protected patient health information. The security rule of the Health Insurance Portability and Accountability Act (HIPAA) requires that providers, payment plans […]

Comments (2)

What is a risk assessment framework

Image by Adam Melancon via Flickr The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments Definition – A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure. A good RAF organizes and presents information in a way that […]

Leave a Comment

Congressional data mining and security

Image by moonhouse via Flickr“By slipping a simple, three-sentence provision into the gargantuan spending bill passed by the House of Representatives last week, a congressman from Silicon Valley is trying to nudge Congress into the 21st Century. Rep. Mike Honda (D-Calif.) placed a measure in the bill directing Congress and its affiliated organs — including […]

Comments (2)

SB1386 and ISO27002

In April 20007, California state IT council adopted the information security program guide which help organizations to comply with SB 1386. The council advised the use of information security standard ISO 27002 framework to comply and meet the needs of SB 1386. [Table = 13] Which businesses are affected by SB 1386 law? o If […]

Leave a Comment

Defense in depth and network segmentation

Traditional security schemes are incapable of meeting new security challenges of today’s business requirements. Most security architectures are perimeter centric and lack comprehensive internal controls. Organizations which are dependent on firewall security might be overtaxing (asking security mechanism to do more than it can handle). Some of the old firewalls rule set stay intact for […]

Comments (3)